Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06aef80b by Salvatore Bonaccorso at 2020-03-31T23:11:50+02:00
Slightly reorganize notes for CVE-2014-2875

Add the original CVE bug to the source package and expand explanation
why the issue is not exploitable according to the analysis from Brian
May.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -263081,11 +263081,10 @@ CVE-2014-2877
 CVE-2014-2876
        RESERVED
 CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 
uses wea ...)
-       - lua-cgi <unfixed> (unimportant)
+       - lua-cgi <unfixed> (unimportant; bug #953037)
        NOTE: https://github.com/keplerproject/cgilua/issues/17
-       NOTE: https://bugs.debian.org/953037
-       NOTE: https://bugs.debian.org/954300
-       NOTE: The code itself is broken and thus cannot be exploited per se if 
not fixed.
+       NOTE: The code itself is broken and thus cannot be exploited per se if 
not fixed,
+       NOTE: see details in https://bugs.debian.org/954300
 CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the 
FSDBCom Activ ...)
        NOT-FOR-US: F-Secure Anti-Virus
 CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the 
Linux kern ...)
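Review bot: The rewritten NOTE for CVE-2014-2875 ("The code itself is broken and thus cannot be exploited per se if not fixed,") still does not say what is broken, so the justification for the "unimportant" tag now rests entirely on following the link to https://bugs.debian.org/954300. The commit message says the explanation is expanded, but the visible change only joins the existing sentence to the bug reference. Consider adding one NOTE line that summarizes the finding from that bug, so the entry can be read without following the link. Style point: the sentence now runs across two NOTE lines joined by a trailing comma; a self-contained sentence per NOTE line keeps the entry readable if either line is later edited or removed.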



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06aef80b004fc34fc8d1f8bf2764d28155f03409



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits